Unify password verification option.
Support password verification with quiet flag if possible. (1.2.0)
@@ -1,3 +1,7 @@
|
||||
2012-03-16 Milan Broz <mbroz@redhat.com>
|
||||
* Unify password verification option.
|
||||
* Support password verification with quiet flag if possible. (1.2.0)
|
||||
|
||||
2012-02-11 Milan Broz <mbroz@redhat.com>
|
||||
* Add --master-key-file option to luksOpen (open using volume key).
|
||||
|
||||
|
||||
@@ -273,7 +273,7 @@ int crypt_get_key(const char *prompt,
|
||||
/* Passphrase read from stdin? */
|
||||
read_stdin = (!key_file || !strcmp(key_file, "-")) ? 1 : 0;
|
||||
|
||||
if(read_stdin && isatty(STDIN_FILENO))
|
||||
if (read_stdin && isatty(STDIN_FILENO))
|
||||
return crypt_get_key_tty(prompt, key, key_size, timeout, verify, cd);
|
||||
|
||||
if (read_stdin)
|
||||
|
||||
@@ -247,6 +247,9 @@ and it is full 64bit version of plain IV. For more info please see FAQ.
|
||||
.B "\-\-verify-passphrase, \-y"
|
||||
query for passwords twice. Useful when creating a (regular) mapping
|
||||
for the first time, or when running \fIluksFormat\fR.
|
||||
|
||||
Password verification option is ignored if requested on non terminal
|
||||
input (like pipe of file).
|
||||
.TP
|
||||
.B "\-\-key-file, \-d"
|
||||
use file as key material.
|
||||
@@ -347,8 +350,10 @@ This option is only relevant to the LUKS operations as
|
||||
Note that 0 means default.
|
||||
.TP
|
||||
.B "\-\-batch-mode, \-q"
|
||||
Do not ask for confirmation. Use with care! This option is only relevant
|
||||
for \fIluksFormat\fR, \fIluksAddKey\fR, \fIluksRemoveKey\fR or \fIluksKillSlot\fR.
|
||||
Do not ask for confirmation. Use with care!
|
||||
|
||||
If \-y option is not specified, batch mode option also switches off
|
||||
passphrase verification for \fIluksFormat\fR.
|
||||
.TP
|
||||
.B "\-\-timeout, \-t"
|
||||
The number of seconds to wait before timeout. This option is relevant every
|
||||
|
||||
@@ -152,7 +152,7 @@ static int _yesDialog(const char *msg, void *usrptr __attribute__((unused)))
|
||||
size_t size = 0;
|
||||
int r = 1;
|
||||
|
||||
if(isatty(0) && !opt_batch_mode) {
|
||||
if(isatty(STDIN_FILENO) && !opt_batch_mode) {
|
||||
log_std("\nWARNING!\n========\n");
|
||||
log_std("%s\n\nAre you sure? (Type uppercase yes): ", msg);
|
||||
if(getline(&answer, &size, stdin) == -1) {
|
||||
@@ -199,6 +199,24 @@ static void _quiet_log(int level, const char *msg, void *usrptr)
|
||||
_log(level, msg, usrptr);
|
||||
}
|
||||
|
||||
static int _verify_passphrase(int def)
|
||||
{
|
||||
/* Batch mode switch off verify - if not overrided by -y */
|
||||
if (opt_verify_passphrase)
|
||||
def = 1;
|
||||
else if (opt_batch_mode)
|
||||
def = 0;
|
||||
|
||||
/* Non-tty input doesn't allow verify */
|
||||
if (def && !isatty(STDIN_FILENO)) {
|
||||
if (opt_verify_passphrase)
|
||||
log_err(_("Can't do passphrase verification on non-tty inputs.\n"));
|
||||
def = 0;
|
||||
}
|
||||
|
||||
return def;
|
||||
}
|
||||
|
||||
static void show_status(int errcode)
|
||||
{
|
||||
char error[256], *error_;
|
||||
@@ -294,7 +312,7 @@ static int action_create(int arg __attribute__((unused)))
|
||||
r = crypt_get_key(_("Enter passphrase: "),
|
||||
&password, &passwordLen, opt_keyfile_size,
|
||||
NULL, opt_timeout,
|
||||
opt_batch_mode ? 0 : opt_verify_passphrase,
|
||||
_verify_passphrase(0),
|
||||
cd);
|
||||
if (r < 0)
|
||||
goto out;
|
||||
@@ -510,7 +528,6 @@ static int action_luksFormat(int arg __attribute__((unused)))
|
||||
|
||||
keysize = (opt_key_size ?: DEFAULT_LUKS1_KEYBITS) / 8;
|
||||
|
||||
crypt_set_password_verify(cd, 1);
|
||||
crypt_set_timeout(cd, opt_timeout);
|
||||
if (opt_iteration_time)
|
||||
crypt_set_iteration_time(cd, opt_iteration_time);
|
||||
@@ -522,7 +539,7 @@ static int action_luksFormat(int arg __attribute__((unused)))
|
||||
|
||||
r = crypt_get_key(_("Enter LUKS passphrase: "), &password, &passwordLen,
|
||||
opt_keyfile_size, opt_key_file, opt_timeout,
|
||||
opt_batch_mode ? 0 : 1 /* always verify */, cd);
|
||||
_verify_passphrase(1), cd);
|
||||
if (r < 0)
|
||||
goto out;
|
||||
|
||||
@@ -582,6 +599,7 @@ static int action_luksOpen(int arg __attribute__((unused)))
|
||||
|
||||
crypt_set_timeout(cd, opt_timeout);
|
||||
crypt_set_password_retry(cd, opt_tries);
|
||||
crypt_set_password_verify(cd, _verify_passphrase(0));
|
||||
|
||||
if (opt_iteration_time)
|
||||
crypt_set_iteration_time(cd, opt_iteration_time);
|
||||
@@ -628,7 +646,7 @@ static int verify_keyslot(struct crypt_device *cd, int key_slot,
|
||||
|
||||
r = crypt_get_key(msg_pass, &password, &passwordLen,
|
||||
keyfile_size, key_file, opt_timeout,
|
||||
opt_batch_mode ? 0 : opt_verify_passphrase, cd);
|
||||
_verify_passphrase(0), cd);
|
||||
if(r < 0)
|
||||
goto out;
|
||||
|
||||
@@ -718,7 +736,7 @@ static int action_luksRemoveKey(int arg __attribute__((unused)))
|
||||
&password, &passwordLen,
|
||||
opt_keyfile_size, opt_key_file,
|
||||
opt_timeout,
|
||||
opt_batch_mode ? 0 : opt_verify_passphrase,
|
||||
_verify_passphrase(0),
|
||||
cd);
|
||||
if(r < 0)
|
||||
goto out;
|
||||
@@ -762,7 +780,8 @@ static int action_luksAddKey(int arg __attribute__((unused)))
|
||||
goto out;
|
||||
|
||||
keysize = crypt_get_volume_key_size(cd);
|
||||
crypt_set_password_verify(cd, opt_verify_passphrase ? 1 : 0);
|
||||
/* FIXME: lib cannot properly set verification for new/old passphrase */
|
||||
crypt_set_password_verify(cd, _verify_passphrase(0));
|
||||
crypt_set_timeout(cd, opt_timeout);
|
||||
if (opt_iteration_time)
|
||||
crypt_set_iteration_time(cd, opt_iteration_time);
|
||||
@@ -819,7 +838,7 @@ static int action_luksChangeKey(int arg __attribute__((unused)))
|
||||
r = crypt_get_key(_("Enter LUKS passphrase to be changed: "),
|
||||
&password, &passwordLen,
|
||||
opt_keyfile_size, opt_key_file, opt_timeout,
|
||||
opt_batch_mode ? 0 : opt_verify_passphrase, cd);
|
||||
_verify_passphrase(0), cd);
|
||||
if (r < 0)
|
||||
goto out;
|
||||
|
||||
@@ -856,7 +875,7 @@ static int action_luksChangeKey(int arg __attribute__((unused)))
|
||||
r = crypt_get_key(_("Enter new LUKS passphrase: "),
|
||||
&password, &passwordLen,
|
||||
opt_new_keyfile_size, opt_new_key_file,
|
||||
opt_timeout, opt_batch_mode ? 0 : 1, cd);
|
||||
opt_timeout, _verify_passphrase(0), cd);
|
||||
if (r < 0)
|
||||
goto out;
|
||||
|
||||
@@ -1021,6 +1040,7 @@ static int action_luksResume(int arg __attribute__((unused)))
|
||||
|
||||
crypt_set_timeout(cd, opt_timeout);
|
||||
crypt_set_password_retry(cd, opt_tries);
|
||||
crypt_set_password_verify(cd, _verify_passphrase(0));
|
||||
|
||||
if (opt_key_file)
|
||||
r = crypt_resume_by_keyfile(cd, action_argv[0], CRYPT_ANY_SLOT,
|
||||
|
||||
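Review bot: In action_luksChangeKey the prompt "Enter new LUKS passphrase: " now passes `_verify_passphrase(0)`, so an interactive change no longer asks for the new passphrase twice unless -y is given; the line it replaces, `opt_batch_mode ? 0 : 1`, verified by default outside batch mode. A mistyped new passphrase would then presumably be accepted without a second entry, which is the lock-out case that verification exists to catch. luksFormat in this same commit uses `_verify_passphrase(1)` for a newly chosen passphrase, and the same default looks right here: `opt_timeout, _verify_passphrase(1), cd);`. Separately, `_verify_passphrase` tests `isatty(STDIN_FILENO)` without knowing whether a key file is in use, so with -y and a key file on non-tty stdin the "Can't do passphrase verification" error is likely printed even though no passphrase is read. The bodies of the action_* functions continue outside these hunks.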
@@ -313,7 +313,7 @@ echo "key0" | $CRYPTSETUP -q create $DEV_NAME --hash sha1 --size 100 $LOOPDEV ||
|
||||
$CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail
|
||||
$CRYPTSETUP -q remove $DEV_NAME || fail
|
||||
# verify is ignored on non-tty input
|
||||
echo "key0" | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase || fail
|
||||
echo "key0" | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase 2>/dev/null || fail
|
||||
$CRYPTSETUP -q remove $DEV_NAME || fail
|
||||
$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size 255 2>/dev/null && fail
|
||||
$CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size -1 2>/dev/null && fail
|
||||
|
||||
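Review bot: The "verify is ignored on non-tty input" case now sends stderr to /dev/null, so it passes whether or not the new `Can't do passphrase verification on non-tty inputs.` error is printed. It checks only that the command still succeeds. If the message is part of the intended behaviour, capture stderr in this test and check it for the message rather than discarding it. The message is wrapped in `_()`, so the test would presumably need a fixed locale for that comparison.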